External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-08 22:15:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
14,014 Commits 67 Branches 629 Tags 870 MiB
C 94.8%
Python 2%
Meson 0.9%
Shell 0.8%
Dockerfile 0.6%
Other 0.8%
d23cf2c91b
Go to file
Eric Blake d23cf2c91b security: provide supplemental groups even when parsing label (CVE-2013-4291) 
Commit 29fe5d7 (released in 1.1.1) introduced a latent problem
for any caller of virSecurityManagerSetProcessLabel and where
the domain already had a uid:gid label to be parsed.  Such a
setup would collect the list of supplementary groups during
virSecurityManagerPreFork, but then ignores that information,
and thus fails to call setgroups() to adjust the supplementary
groups of the process.

Upstream does not use virSecurityManagerSetProcessLabel for
qemu (it uses virSecurityManagerSetChildProcessLabel instead),
so this problem remained latent until backporting the initial
commit into v0.10.2-maint (commit c061ff5, released in 0.10.2.7),
where virSecurityManagerSetChildProcessLabel has not been
backported.  As a result of using a different code path in the
backport, attempts to start a qemu domain that runs as qemu:qemu
will end up with supplementary groups unchanged from the libvirtd
parent process, rather than the desired supplementary groups of
the qemu user.  This can lead to failure to start a domain
(typical Fedora setup assigns user 107 'qemu' to both group 107
'qemu' and group 36 'kvm', so a disk image that is only readable
under kvm group rights is locked out).  Worse, it is a security
hole (the qemu process will inherit supplemental group rights
from the parent libvirtd process, which means it has access
rights to files owned by group 0 even when such files should
not normally be visible to user qemu).

LXC does not use the DAC security driver, so it is not vulnerable
at this time.  Still, it is better to plug the latent hole on
the master branch first, before cherry-picking it to the only
vulnerable branch v0.10.2-maint.

* src/security/security_dac.c (virSecurityDACGetIds): Always populate
groups and ngroups, rather than only when no label is parsed.

Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit 745aa55fbf)
2013-08-29 10:58:02 -06:00
.gnulib@644c40496c maint: update to latest gnulib 2013-07-19 05:53:02 -06:00
build-aux Add API for calling systemd-machined's DBus API 2013-07-22 13:09:58 +01:00
daemon Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292) 2013-08-29 15:49:28 +01:00
docs Release of libvirt-1.1.1 2013-07-30 17:38:35 +08:00
examples examples: fix mingw build vs. printf 2013-07-29 12:53:36 -06:00
gnulib maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
include Rename VIR_DOMAIN_PAUSED_GUEST_PANICKED to VIR_DOMAIN_PAUSED_CRASHED 2013-07-29 18:08:55 +01:00
m4 Fix build with clang 2013-07-04 11:35:59 +02:00
po Release of libvirt-1.1.1 2013-07-30 17:38:35 +08:00
python python: Drop TODO 2013-07-29 07:54:18 -04:00
src security: provide supplemental groups even when parsing label (CVE-2013-4291) 2013-08-29 10:58:02 -06:00
tests build: fix shunloadtest breakage 2013-07-29 13:09:39 -06:00
tools virsh-domain: Fix memleak in cmdCPUBaseline 2013-08-16 20:41:29 +02:00
.ctags maint: Make ctags work out of the box 2013-07-18 08:47:21 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore Add API for calling systemd-machined's DBus API 2013-07-22 13:09:58 +01:00
.gitmodules
.mailmap Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
AUTHORS.in Add John Ferlan to the committers list 2013-02-05 10:59:32 -05:00
autobuild.sh Set PKG_CONFIG_LIBDIR in autobuild.sh 2013-05-17 17:09:29 +01:00
autogen.sh autogen: Handle case when libvirt's submodule 2013-07-19 13:45:22 +02:00
bootstrap maint: update to latest gnulib 2013-07-19 05:53:02 -06:00
bootstrap.conf maint: update to latest gnulib 2013-07-19 05:53:02 -06:00
cfg.mk maint: split long lines in Makefiles 2013-07-19 05:25:35 -06:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
configure.ac build: more workarounds for if_bridge.h 2013-08-11 20:14:10 -05:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
HACKING Adapt to VIR_ALLOC and virAsprintf in docs/ 2013-07-10 11:07:31 +02:00
libvirt.pc.in build: silence warning from autoconf 2012-05-30 09:22:02 -06:00
libvirt.spec.in spec: Cat test-suite.log if make check fails 2013-07-29 18:14:02 +02:00
Makefile.am maint: split long lines in Makefiles 2013-07-19 05:25:35 -06:00
Makefile.nonreentrant maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
mingw-libvirt.spec.in conf: add features to volume target XML 2013-06-21 13:25:30 +02:00
README
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
run.in run: license as LGPL 2013-02-23 14:03:19 -07:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

README 

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>